– The location is the following:
   • http://www.ge**********er.com/files/install_flashplayer11x64_mssd_aih_de.exe
It is saved on the local hard drive under: %HOME%\Vorlagen\install_flashplayer11x64_mssd_aih_de.exe

– The location is the following:
   • http://s3**********naws.com/installshare/client/files/bab_setup.exe
It is saved on the local hard drive under: C:\TEMP\InstallShare\22279\bab_setup.exe

Trusted file impersonation: Its process pretends to be the following trusted process: Adobe Flash Player Installer.
Please note that the malware even fakes the icon, so it appears to be the above-mentioned process.

File details

Runtime packer: To hinder detection and reduce the size of the file, it is packed with the following runtime packer:
   • UPX

Description inserted by Martin Muench on Saturday, July 14, 2012
Description updated by Martin Muench on Saturday, July 14, 2012